hunkmoney
Joined: 15 Feb 2008 Posts: 41
Posted: Fri May 18, 2012 3:32 pm Post subject: security issue
Hi,
I have had some security issues recently with Site Organizer. Apparently, a hacker has been able to overwrite files in the sohtml directory (he added an include file which then redirects surfers).
I am running SO 2.5. Are there any security updates that I should install? Have you seen this issue before? My host says it's because the sohtml directory is 777. If I change those rights to 755, will it break the script?
This has happened 3 times in the past few weeks on me, each time I have had my host National Net involved to run security scans and to get things fixed up (the files are owned by the server so I cannot edit them directly) so I suspect this hacker will be back to do it again....so I need to get this fixed up! Any help is appreciated.
cheers
Luke

hunkmoney
Joined: 15 Feb 2008 Posts: 41
Posted: Fri May 18, 2012 3:50 pm Post subject:
One other note: I have already done all the usual security stuff like changing my passwords, my FTP passwords, etc. to random-string 10+ character passwords... That was the first "fix it" that was done by my host, yet the hacker returned for the second time and added the includes only 3 days later.

hunkmoney
Joined: 15 Feb 2008 Posts: 41
Posted: Fri May 18, 2012 4:16 pm Post subject:
My host has suggested that I change the location of the existing SO script so that it's in a random folder instead. For instance, it is currently at
http://domain.com/so/
My host suggested changing this to http://domain.com/awerasd/so/
Will SO still work OK, or are there any files or crontabs that I need to change as well?
(PS: it's really difficult to post on this forum when I have to wait ~15 minutes between posts)

kaktus Owner
Joined: 22 May 2004 Posts: 1576 Location: CheapestAdultScripts.com
Posted: Fri May 18, 2012 7:15 pm Post subject:
Hi there, yes, the files are writable, but the hacker is getting into the machine somehow to be able to touch these files, so you and your host should be looking in that direction. It is normal for a hacker who breaks in to touch the writable files, since he can't touch anything else. Every time my clients had such problems, the hackers usually got in through a WordPress, TGP or Trade script that is on their server, and from there they spread across.
Yes, you can put SO in whatever inner folder you want. What you will need to do, if you do that with your existing SO, is edit the cronjob to match the new directory, edit your sites where you have the SO include code for calling templates, and probably change the location of the thumbs in the script's settings.

hunkmoney
Joined: 15 Feb 2008 Posts: 41
Posted: Fri May 18, 2012 9:22 pm Post subject:
Thanks, it looks like the hacker was able to get files uploaded into other writeable directories as well, and not just SO. My host is investigating and trying to close up any holes.
One other quick question: I tried protecting the SO directory with an htaccess file, but that causes the sites using SO to fail since they need access to that directory (same with BO & GS, which I also own). Is there any way to do htaccess protection in SO, BO and GS?

hunkmoney
Joined: 15 Feb 2008 Posts: 41
Posted: Fri May 18, 2012 9:43 pm Post subject:
the specific directories that I need to address are:
/bo/
/bo/boimages/temp/
/so/sohtml/

kaktus Owner
Joined: 22 May 2004 Posts: 1576 Location: CheapestAdultScripts.com
Posted: Sat May 19, 2012 7:13 am Post subject:
Hi there, no, there isn't htaccess protection, due to the nature of the multidomain purpose of the scripts.

hunkmoney
Joined: 15 Feb 2008 Posts: 41
Posted: Mon May 21, 2012 12:36 am Post subject:
The file that is being used by the hacker is /so/sohtml/ and /so/sotemp/
Can these two files be set to chmod 755?

kaktus Owner
Joined: 22 May 2004 Posts: 1576 Location: CheapestAdultScripts.com
Posted: Mon May 21, 2012 9:50 am Post subject:
Those are directories. Yes, you can chmod them to 755 as long as SO will still be able to write in them.

hunkmoney
Joined: 15 Feb 2008 Posts: 41
Posted: Tue May 22, 2012 8:17 pm Post subject:
Thanks, it looks like the hacker found a bunch of writeable files and directories and uploaded shell scripts in each spot he could.
Question: with BO, there are a lot of 777 directories. Is it possible to use htaccess protection to allow only the BO domain to access those directories, and still have the blogs function?

kaktus Owner
Joined: 22 May 2004 Posts: 1576 Location: CheapestAdultScripts.com
Posted: Tue May 22, 2012 8:36 pm Post subject:
Yes, with htaccess you can deny anyone from getting into those dirs, but you need to allow all your blogs' domains in it.
Also, in BO under "General Settings->File Permissions" you can set BO to build the files with whatever permissions you like, and you can take the 777 directories down to 755; just make sure BO is able to write after that...
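
An audit for the situation discussed in this thread, as an added example that is not part of the original posts or of SO/BO: it lists world-writable (e.g. 777) directories under a web root, checks whether each would stay writable for the script after chmod 755 (true only when the directory is owned by the user PHP runs as), and lists script-type files sitting in those directories. The function names, the extension list and the web-server user argument are assumptions.

```sh
#!/bin/sh
# Added example: audit a web root for world-writable directories (e.g. 777).
# Function names, the extension list and the arguments are assumptions.

# Directories any local account can write to (the "other" write bit is set).
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print 2>/dev/null | sort
}

# Script-type files sitting directly inside those directories.
scripts_in_writable_dirs() {
    world_writable_dirs "$1" | while IFS= read -r dir; do
        find "$dir" -maxdepth 1 -type f \( -name '*.php' -o -name '*.phtml' \
            -o -name '*.pl' -o -name '*.cgi' -o -name '*.sh' \) -print
    done | sort -u
}

# True when DIR ($1) is owned by USER ($2). At mode 755 only the owner can
# write, so this is the condition for the script to keep working after chmod.
owner_is() {
    [ "$(ls -ld "$1" | awk '{print $3}')" = "$2" ]
}

# Report: one line per world-writable directory, then files to review.
audit_webroot() {
    root=$1
    web_user=$2
    world_writable_dirs "$root" | while IFS= read -r dir; do
        if owner_is "$dir" "$web_user"; then
            echo "$dir: owned by $web_user, still writable by it at 755"
        else
            echo "$dir: not owned by $web_user, 755 would stop its writes"
        fi
    done
    scripts_in_writable_dirs "$root" | sed 's/^/review: /'
}

# Usage: sh audit.sh /path/to/webroot web-server-user
if [ "$#" -ge 2 ]; then
    audit_webroot "$1" "$2"
fi
```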
goldengob
Joined: 19 Dec 2006 Posts: 26 Location: USA
Posted: Tue Jul 03, 2012 7:12 pm Post subject:
I'm getting this on login:
Fatal error: Incompatible file format: The encoded file has format major ID 0, whereas the Optimizer expects 2 in /home/username/public_html/so/index.php on line 0
Have I been hacked too, or is this something else...
How do I correct it?
Thx!
_________________
Mrpinkie.com

kaktus Owner
Joined: 22 May 2004 Posts: 1576 Location: CheapestAdultScripts.com
Posted: Tue Jul 03, 2012 8:47 pm Post subject:
No, that has nothing to do with hacking...
Your server seems to have been recently upgraded... See what PHP and Zend Optimizer/Guard you are on now and let me know...

goldengob
Joined: 19 Dec 2006 Posts: 26 Location: USA
Posted: Tue Jul 03, 2012 9:32 pm Post subject:
The host tells me:
php 5.2.17
zend 3.3.9
but they deny any recent upgrades, so I don't know.
_________________
Mrpinkie.com

kaktus Owner
Joined: 22 May 2004 Posts: 1576 Location: CheapestAdultScripts.com
Posted: Wed Jul 04, 2012 5:06 am Post subject:
Well, then it could be a server move, HDD swap, or something else.
To fix it, download the upgrade package from my site and do an upgrade.

goldengob
Joined: 19 Dec 2006 Posts: 26 Location: USA
Posted: Wed Jul 04, 2012 3:39 pm Post subject:
That worked great, thanks!
_________________
Mrpinkie.com